Re: relying-party contract
-----BEGIN PGP SIGNED MESSAGE-----
Having worked with lawyers on some certification issues up here in Canada,
my opinion is that it's always better to have an explicit contract than an
implicit agreement. This is even more important given the novelty of
PKI-based transactions. A contract would give a court a specific picture
of the intentions of all parties when they entered into the relationship.
That said, note the usual caveat: I am not a lawyer, I'm just a dog who
can type who's pretending to know something about legal matters. As such,
it's very likely that I'm completely wrong. :)
As to a forum for these matters, I think that it's a bit beyond the scope
of either the ssl-talk or the pkix lists. I don't know of any
PKI-legal-talk list, though...
Marc
+----------------------------------------------------------------------+
Marc Branchaud XCERT SOFTWARE INC. Tel: 1-604-640-6210
Chief PKI Designer 1001-701 West Georgia Street Fax: 1-604-640-6220
marcnarc@xcert.com PO Box 10145, Pacific Centre Web: www.xcert.com
Vancouver, Canada V7Y 1C6
+----------------------------------------------------------------------+
On Wed, 4 Jun 1997, Dwight Arthur wrote:
>
> Scenario one: confidential information
> Alice holds confidential information pertaining to Bob. Bob wishes to
> have Carol, who may be an employee, agent, or customer of Bob, access
> this information. Bob causes his CA to issue a certificate to Carol that
> identifies her and her relationship to Bob. Alice creates a web server
> that publishes this information to anyone with a certificate from Bob's
> CA where the relationship shown in the cert conveys authorization to
> access this type of data.
>
> Scenario two: transaction processing
> Same deal, except that Bob's cert enables Carol to enter transactions
> into Alice's systems.
>
> The question: is there or should there be a legal agreement between Bob
> and Alice regarding the conditions under which Alice should accept Bob's
> certs and the liability that each carries? I understand that the general
> thinking is that the Certificate Policies or Certificate Practice
> Statement covers this, but I am questioning this.
>
> If this is offtopic, my apologies and could you recommend a more
> appropriate forum?
>
> IMHO the responsibilities and liabilities are as follows:
>
> Bob's responsibilities to Alice:
> 1. Provide Alice with the root key of his CA
> 2. Issue certs to authorized persons conveying the accurate
> role/relationship data.
> 3. Promptly revoke certificates of any certified person where changes to
> the person's role or relationship so warrant.
> 4. Promptly make available via an agreed-upon mechanism and at or
> exceeding an agreed-upon frequency, notice of any revocations.
> 5. Take appropriate measures, and require certified persons to do the
> same, to prevent interception, misappropriation, or theft of certs or
> of the private keys that underlie them.
>
> Alice's responsibilities to Bob:
> 1. Prevent access to the protected data/transactions against anyone
> other than the holder of a cert (and of the associated private key)
> signed with Bob's CA's key, that shows an appropriate (as agreed)
> role or relationship for access to this data/transaction, and has
> not been revoked.
> 2. Participate in whatever facility Bob's CA designates for notification
> of revocation.
>
> Alice is liable to Bob for fraudulent transactions if
> -Alice accepted an expired cert.
> -Alice accepted a cert from someone other than Bob's CA
> -Alice gave access to a holder of a cert from Bob's CA that did not
> demonstrate possession of the matching private key.
> -Alice gave access to a holder of a cert from Bob's CA that did not
> define the holder as having the role or relationship in Bob's
> organization that was defined as appropriate for access to the
> transaction.
> -Alice failed to reject a revoked cert despite receiving the appropriate
> notification from Bob's CA of the revocation at least X period of time
> before the transaction.
>
> Bob is liable to Alice for fraudulent transactions if
> -Bob's CA issued a cert (with the appropriate role/relationship
> shown) to a person who should not have had access to the transaction.
> -Bob's CA, Bob, the certified person, or someone else related to Bob
> permitted the cert and its private key to come into the possession of
> someone other than the intended certified person and did not
> revoke the cert.
> -Bob's CA revoked the cert without notifying Alice in time to stop
> the transaction.
>
> Question: doesn't there need to be a formal agreement between Bob
> and Alice to create these liabilities?
> Question: is there any prototype of such an agreement in existence?
> Question: what is the right forum for discussion of this issue?
>
> Dwight Arthur
> Managing Director, Technology Planning
> National Securities Clearing Corporation, NY
> (212) 412-8687
> darthur@nscc.com
>
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv
iQB1AwUBM5WWsVrdFXNdDxPlAQHDkAL/RpwEcW3HrGVb5rwyitBE94Lkbqs6ZzQ0
nA25eUiodzpJMur/e6otvjxJ7MnTM+7iOy2OJtlFruSQchGvJV/GIPXt/2c1O2PQ
Ovl5Gi+JYevvRJoVzhnqLEm6eWiWlK5h
=Shdf
-----END PGP SIGNATURE-----
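Added example, not part of Marc's or Dwight's messages: Alice's side of the agreement, as Dwight's liability list implies it, written as a relying-party check in Go using only the standard library's crypto/x509. Each condition under which Dwight would hold Alice liable (expired cert, cert not from Bob's CA, no proof of possession of the private key, wrong role, revoked cert despite timely notice) is one rejection in relyingPartyCheck, and scenarios() exercises every one against constructed certificates. Everything in it is assumed for the example: Ed25519 keys derived from labels so the run is deterministic, Bob's CA carrying Carol's role in the subject's OU attribute, revocation notice arriving as a CRL signed by Bob's CA, and proof of possession being a signature over a nonce Alice chooses. The thread fixes none of those choices.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue has signer (the holder of parent's key) certify subject's public key under tmpl.
func issue(tmpl, parent *x509.Certificate, subject, signer ed25519.PrivateKey) *x509.Certificate {
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, tmpl, parent, subject.Public(), signer))))
}

// relyingPartyCheck is Alice's side of the agreement. Each rejection maps to a condition in
// Dwight's list that would leave Alice liable: expired cert, cert not from Bob's CA, no proof
// of possession of the private key, wrong role, or a revoked cert despite a timely CRL.
func relyingPartyCheck(c, root *x509.Certificate, crl *x509.RevocationList,
	wantRole string, nonce, sig []byte, now time.Time) error {
	opts := x509.VerifyOptions{Roots: x509.NewCertPool(), CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	opts.Roots.AddCert(root)
	if _, err := c.Verify(opts); err != nil {
		return fmt.Errorf("issuer or validity period: %w", err)
	}
	if err := c.CheckSignature(x509.PureEd25519, nonce, sig); err != nil { // proof of possession of the key
		return fmt.Errorf("proof of possession: %w", err)
	}
	// The role is assumed to be carried in the subject's OU attribute; the thread fixes no encoding.
	if ou := c.Subject.OrganizationalUnit; len(ou) != 1 || ou[0] != wantRole {
		return fmt.Errorf("role %v is not authorised for this resource", ou)
	}
	if err := crl.CheckSignatureFrom(root); err != nil {
		return fmt.Errorf("crl not signed by Bob's CA: %w", err)
	}
	if now.After(crl.NextUpdate) {
		return fmt.Errorf("crl stale since %s: no fresh revocation notice", crl.NextUpdate.Format(time.RFC3339))
	}
	for _, r := range crl.RevokedCertificateEntries {
		if r.SerialNumber.Cmp(c.SerialNumber) == 0 {
			return fmt.Errorf("certificate serial %s revoked", c.SerialNumber)
		}
	}
	return nil
}

// scenarios constructs Bob's CA, certs for Carol and for a colleague who is then revoked, a
// self-signed impostor cert, and Bob's CRL, then returns the check's verdict for each case.
func scenarios() map[string]error {
	now := time.Date(2024, 6, 4, 12, 0, 0, 0, time.UTC)
	// Keys derived from labels so the example is deterministic; constructed for this example only.
	key := func(label string) ed25519.PrivateKey { s := sha256.Sum256([]byte(label)); return ed25519.NewKeyFromSeed(s[:]) }
	caKey, carolKey, daveKey, malKey := key("bob-ca"), key("carol"), key("dave"), key("mallory")
	bobCA := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Bob's CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(48 * time.Hour), IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign}
	root := issue(bobCA, bobCA, caKey, caKey)
	tmpl := func(serial int64, role string, notAfter time.Time) *x509.Certificate {
		return &x509.Certificate{SerialNumber: big.NewInt(serial), NotBefore: now.Add(-time.Hour), NotAfter: notAfter,
			Subject:     pkix.Name{CommonName: "Bob's employee", OrganizationalUnit: []string{role}},
			ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	}
	carol := issue(tmpl(2, "clerk", now.Add(24*time.Hour)), root, carolKey, caKey)
	dave := issue(tmpl(3, "clerk", now.Add(24*time.Hour)), root, daveKey, caKey) // revoked in the CRL below
	expired := issue(tmpl(4, "clerk", now.Add(-time.Minute)), root, carolKey, caKey)
	impostor := tmpl(5, "clerk", now.Add(24*time.Hour)) // right role, but self-signed instead of issued by Bob's CA
	forged := issue(impostor, impostor, malKey, malKey)
	crl := must(x509.ParseRevocationList(must(x509.CreateRevocationList(rand.Reader, &x509.RevocationList{
		Number: big.NewInt(1), ThisUpdate: now.Add(-time.Hour), NextUpdate: now.Add(time.Hour),
		RevokedCertificateEntries: []x509.RevocationListEntry{{SerialNumber: dave.SerialNumber, RevocationTime: now.Add(-time.Hour)}},
	}, root, caKey))))
	nonce := []byte("constructed challenge from Alice") // in real use, fresh random bytes per request
	carolSig, daveSig, malSig := ed25519.Sign(carolKey, nonce), ed25519.Sign(daveKey, nonce), ed25519.Sign(malKey, nonce)
	return map[string]error{
		"valid":         relyingPartyCheck(carol, root, crl, "clerk", nonce, carolSig, now),
		"expired":       relyingPartyCheck(expired, root, crl, "clerk", nonce, carolSig, now),
		"other CA":      relyingPartyCheck(forged, root, crl, "clerk", nonce, malSig, now),
		"no possession": relyingPartyCheck(carol, root, crl, "clerk", nonce, daveSig, now),
		"wrong role":    relyingPartyCheck(carol, root, crl, "auditor", nonce, carolSig, now),
		"revoked":       relyingPartyCheck(dave, root, crl, "clerk", nonce, daveSig, now),
		"stale CRL":     relyingPartyCheck(carol, root, crl, "clerk", nonce, carolSig, now.Add(2*time.Hour)),
	}
}

func main() {
	for name, err := range scenarios() {
		fmt.Printf("%-14s %v\n", name, err)
	}
}
```

Two design choices worth noting. The "stale CRL" case shows how Dwight's "at least X period of time" clause becomes a check: if the CRL Bob's CA agreed to publish is past its NextUpdate, Alice fails closed rather than assuming nothing was revoked, which is what keeps the liability where the agreement puts it. The "wrong role" case reuses Carol's valid certificate and simply asks for a role she does not hold, so it isolates the role check from the chain, possession and revocation checks that precede it.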